How to install Nextcloud with Nginx and PHP7-FPM in CentOS7 graphic tutorial

Source: Internet
Author: User
Tags apcu free ssl ssl certificate
This article explains how to install Nextcloud with Nginx and PHP7-FPM in CentOS7, run Nextcloud through Nginx and PHP7-FPM, and use MariaDB as a database system. This article explains how to install Nextcloud with Nginx and PHP7-FPM in CentOS7, run Nextcloud through Nginx and PHP7-FPM, and use MariaDB as a database system.

Nextcloud is a free (open source) Dropbox-like software developed by the ownCloud branch. It is written in PHP and Javascript and supports multiple database systems, such as MySQL/MariaDB, PostgreSQL, Oracle Database, and SQLite. It can synchronize files on your desktop and ECS. Nextcloud provides client support for Windows, Linux, Mac, Android, and Apple mobile phones. Nextcloud is not just a Dropbox clone. It also provides many additional features, such as calendar, contacts, scheduled tasks, and streaming media Ampache.

In this article, I will show you how to install and configure the latest version of Nextcloud 10 on the CentOS 7 server. I will run Nextcloud through Nginx and PHP7-FPM, and use MariaDB as a database system.

Prerequisites

  1. 64-bit CentOS 7

  2. Root permission of the server

Step 1-install Nginx and PHP7-FPM in CentOS 7

Before starting to install Nginx and php7-fpm, we also learn to add the Repository source for the EPEL package first. Run the following command:

yum -y install epel-release

Install Nginx from the EPEL repository:

yum -y install nginx

Then we also need to add another repository for the php7-fpm. There is a remote repository on the Internet that provides PHP 7 packages. here I am using webtatic.

Add a PHP7-FPM webtatic repository:

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Then install the PHP7-FPM and some packages required by Nextcloud.

The code is as follows:

yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json php70w-pecl-apcu php70w-pecl-apcu-devel

Finally, check the PHP version number from the server terminal to verify that PHP is correctly installed.

php -v

In this step, we will configure php-fpm to run in collaboration with Nginx. Php7-fpm will usenginxUser to run and listen9000Port.

Use vim to edit default php7-fpm profiles.

vim /etc/php-fpm.d/www.conf

In rows 8th and 10th,user Andgroup Assignednginx.

user = nginxgroup = nginx

Make sure that the php-fpm runs on the specified port in row 3.

listen = 127.0.0.1:9000

Remove comments from lines 366th-370 and enable the system environment variables of php-fpm.

env[HOSTNAME] = $HOSTNAMEenv[PATH] = /usr/local/bin:/usr/bin:/binenv[TMP] = /tmpenv[TMPDIR] = /tmpenv[TEMP] = /tmp

Save the file and exit the vim editor.

The next step is /var/lib/ Directory to create a new foldersessionAnd change its owner nginx User.

mkdir -p /var/lib/php/sessionchown nginx:nginx -R /var/lib/php/session/

Start php-fpm and Nginx, and set them to the service that starts with the startup.

sudo systemctl start php-fpmsudo systemctl start nginxsudo systemctl enable php-fpmsudo systemctl enable nginx

I use MariaDB as the database of Nextcloud. Can be used directly yum The command is installed from the default remote repository of CentOS.mariadb-server Package.

yum -y install mariadb mariadb-server

Start MariaDB and add it to the service started with the system.

systemctl start mariadbsystemctl enable mariadb

Configure the root user password for MariaDB.

mysql_secure_installation

TypeY And then set the root password of MariaDB.

Set root password? [Y/n] YNew password:Re-enter new password:Remove anonymous users? [Y/n] YDisallow root login remotely? [Y/n] YRemove test database and access to it? [Y/n] YReload privilege tables now? [Y/n] Y

In this way, the password is set. now, log on to mysql shell and create a new database and user for Nextcloud. Here I createnextcloud_db And nextclouduser User whose password is nextclouduser@. Of course, you should choose a safer password for your system.

mysql -u root -p

Enter the root password of MariaDB to log on to mysql shell.

Enter the following mysql Query statement to create a new database and user.

create database nextcloud_db;create user nextclouduser@localhost identified by 'nextclouduser@';grant all privileges on nextcloud_db.* to nextclouduser@localhost identified by 'nextclouduser@';flush privileges;

In the tutorial, I will allow the client to run Nextcloud over https connections. You can use free SSL certificates such as let's encrypt, or create self-signed SSL certificates by yourself. Here I use OpenSSL to create my self-signed SSL certificate.

Create a new directory for the SSL file:

mkdir -p /etc/nginx/cert/

Use openssl to generate a new SSL certificate.

The code is as follows:

openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key

Finally, use the chmod command to set the permissions of all certificate files to 600.

chmod 700 /etc/nginx/certchmod 600 /etc/nginx/cert/*

I use it directlywget Command to download Nextcloud to the server, so you must first installwget. You also need to install unzip To decompress the package. Use yum Command to install the two programs.

yum -y install wget unzip

Enter /tmp Directory, and then usewgetDownload the latest Nextcloud 10 from the official website.

cd /tmpwget https://download.nextcloud.com/server/releases/nextcloud-10.0.2.zip

Decompress Nextcloud and move it/usr/share/nginx/html/ Directory.

unzip nextcloud-10.0.2.zipmv nextcloud/ /usr/share/nginx/html/

Next, go to the Nginx web root directory and create data Folder.

cd /usr/share/nginx/html/mkdir -p nextcloud/data/

Change nextcloud The Directory owner isnginx Users and Groups.

chown nginx:nginx -R nextcloud/

Step 6-configure virtual hosts for Nextcloud in Nginx

In step 5, we have downloaded the Nextcloud source code and configured it to run on the Nginx server, but we also need to configure a virtual host for it. In Nginx conf.d Create a new virtual host configuration file under the Directory nextcloud.conf.

cd /etc/nginx/conf.d/vim nextcloud.conf

Paste the following content into the VM configuration file:

upstream php-handler {  server 127.0.0.1:9000;  #server unix:/var/run/php5-fpm.sock;}server {  listen 80;  server_name cloud.nextcloud.co;  # enforce https  return 301 https://$server_name$request_uri;}server {  listen 443 ssl;  server_name cloud.nextcloud.co;  ssl_certificate /etc/nginx/cert/nextcloud.crt;  ssl_certificate_key /etc/nginx/cert/nextcloud.key;  # Add headers to serve security related headers  # Before enabling Strict-Transport-Security headers please read into this  # topic first.  add_header Strict-Transport-Security "max-age=15768000;  includeSubDomains; preload;";  add_header X-Content-Type-Options nosniff;  add_header X-Frame-Options "SAMEORIGIN";  add_header X-XSS-Protection "1; mode=block";  add_header X-Robots-Tag none;  add_header X-Download-Options noopen;  add_header X-Permitted-Cross-Domain-Policies none;  # Path to the root of your installation  root /usr/share/nginx/html/nextcloud/;  location = /robots.txt {    allow all;    log_not_found off;    access_log off;  }  # The following 2 rules are only needed for the user_webfinger app.  # Uncomment it if you're planning to use this app.  #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;  #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json  # last;  location = /.well-known/carddav {   return 301 $scheme://$host/remote.php/dav;  }  location = /.well-known/caldav {   return 301 $scheme://$host/remote.php/dav;  }  # set max upload size  client_max_body_size 512M;  fastcgi_buffers 64 4K;  # Disable gzip to avoid the removal of the ETag header  gzip off;  # Uncomment if your server is build with the ngx_pagespeed module  # This module is currently not supported.  #pagespeed off;  error_page 403 /core/templates/403.php;  error_page 404 /core/templates/404.php;  location / {    rewrite ^ /index.php$uri;  }  location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {    deny all;  }  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {    deny all;  }  location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {    include fastcgi_params;    fastcgi_split_path_info ^(.+\.php)(/.*)$;    fastcgi_param script_FILENAME $document_root$fastcgi_script_name;    fastcgi_param PATH_INFO $fastcgi_path_info;    fastcgi_param HTTPS on;    #Avoid sending the security headers twice    fastcgi_param modHeadersAvailable true;    fastcgi_param front_controller_active true;    fastcgi_pass php-handler;    fastcgi_intercept_errors on;    fastcgi_request_buffering off;  }  location ~ ^/(?:updater|ocs-provider)(?:$|/) {    try_files $uri/ =404;    index index.php;  }  # Adding the cache control header for js and css files  # Make sure it is BELOW the PHP block  location ~* \.(?:css|js)$ {    try_files $uri /index.php$uri$is_args$args;    add_header Cache-Control "public, max-age=7200";    # Add headers to serve security related headers (It is intended to    # have those duplicated to the ones above)    # Before enabling Strict-Transport-Security headers please read into    # this topic first.    add_header Strict-Transport-Security "max-age=15768000;    includeSubDomains; preload;";    add_header X-Content-Type-Options nosniff;    add_header X-Frame-Options "SAMEORIGIN";    add_header X-XSS-Protection "1; mode=block";    add_header X-Robots-Tag none;    add_header X-Download-Options noopen;    add_header X-Permitted-Cross-Domain-Policies none;    # Optional: Don't log access to assets    access_log off;  }  location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {    try_files $uri /index.php$uri$is_args$args;    # Optional: Don't log access to other assets    access_log off;  }}

Save the file and exit vim.

Download and test whether the Nginx configuration file is incorrect. if not, restart the service.

nginx -tsystemctl restart nginx

In this tutorial, we will run SELinux in forced mode, so we need a SELinux management tool to configure SELinux for Nextcloud.

Run the following command to install SELinux.

yum -y install policycoreutils-python

Run the following command as the root user to run Nextcloud in The SELinux environment. If you are using another directory named, remembernextcloud Replace.

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/data(/.*)?'semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/config(/.*)?'semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/apps(/.*)?'semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/assets(/.*)?'semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.htaccess'semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/nextcloud/.user.ini'restorecon -Rv '/usr/share/nginx/html/nextcloud/'

Next, we need to enable the firewalld service and enable both http and https ports for Nextcloud.

Start firewalld and set to start with the system.

systemctl start firewalldsystemctl enable firewalld

Now, use the firewall-cmd command to enable the http and https ports and then reload the firewall.

firewall-cmd --permanent --add-service=httpfirewall-cmd --permanent --add-service=httpsfirewall-cmd --reload

Now we have installed Nextcloud on the CentOS 7 server by using Nginx, PHP7-FPM, and MariaDB. I hope it will be helpful to everyone's learning, and I hope you can support your own home.

The above is a detailed explanation of how to use Nginx and PHP7-FPM in CentOS7 to install Nextcloud graphic tutorial details, more please pay attention to the first PHP community other related articles!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.